Safe boxes are used for storing money, legal instructions, important intangible things, and important documents. Most banks lease conventional safe boxes to their customers for the storage of valuable items. If a subject stored in a conventional safe is a document, the safe can only preserve the document. It is not intended to prove what is on it and when the document starts its existence.
Banks provide conventional safes to customers for their convenience. After a customer rents a safe, the customer can store items in the safe for secure storage. Each time when the customer accesses the safe, the customer must personally visit the safe, present the key to a representative of the bank, and sign an access form which contains access date and time. The bank representative then uses both its key and the customer key to open the safe. This system is safe because the bank employees cannot open the safe without the customer key.
In providing this conventional safe service, the bank keeps track of each access by the customer, but makes no attempt to track the stored items as to their identities and deposit times. The user of the safe must make a trip to the bank for each access, stand and wait in a line for a customer representative, and sign an access log form. Due to the nature of this service, a customer can rent a safe only from a local bank or safe provider.
Since the advent of the Internet, it is obvious that digital files can be stored on a remote server. The service of accepting and maintaining files on a server has been long existed. Using a server to keep files is a natural extension of the server's storage capacity. The file storage systems have the common goal that they allow their users to get copies of the files from the servers if their original files are lost.
Some companies have provided file storage services by using an online file storage system for years. Those companies provide a central server where each of the remote customers is assigned a folder associated with a user account so that customers can store files. Some companies may provide additional features of improved security for the stored files. For example, the customer may encrypt the files using the password of the user account.
The online file storage system is similar to the conventional safe in its utility. When the originals of a customer are destroyed by fire, natural disasters, or acts of crimes, the customer may get a copy of the files from the server as the secondary evidence of the lost original files. Such secondary evidence is acceptable in court in the case that the originals are unavailable. Even if the secondary evidence is unacceptable in some cases, the copies can help the owner reconstruct information in the original files. However, the system does not provide any proof when each of the items starts its existence. Nor is it possible to authenticate the substance of the file. For example, after the original is destroyed in a fire, a person can question if a copy recovered from such a system is a true copy of the destroyed document.
Moreover, the current file storage system does not fully address all safety issues. In a typical system, files are encrypted using account password. This password must be stored on the server for authenticating the owner. Even if the password is stored in a hashed form, it is still possible to reverse the hashed form to the original password. Thus, as long as a security measure is based on account password, the files can be accessed by anyone who has access to the server. Moreover, after the password is used in encrypting files, it is very burdensome and risky to change it.
Nor the encryption methods used in some file storage systems can prevent hackers from accessing stored files. In such a system, hashed passwords and account names are kept in a file or database table. If a hacker gets this file by illegal means, the hacker can reverse all hashed passwords to real passwords for all accounts. Therefore, the hacker not only can get login names, but also can get the passwords for decrypting stored files. Therefore, this encryption method is not safe enough to prevent illegal and illegitimate access. Any safe system that uses account passwords as encryption keys is not secure enough for storing highly confidential information.
One obstacle to the clouds computing technologies is the at-rest data security while the public is much less concerned with data transport security. This opinion is based upon the observation that businesses and individuals are willing to use email to send confidential files, but much reluctant to save their confidential information and personal secrets on others' servers for storage. The users apparently take the chance that it is highly unlikely for someone to intercept their messages or jack their keys among millions of messages transmitting in the Internet.
Many noted key attack trials have demonstrated that key attacks are computationally infeasible. For AES-128, the key can be recovered with a computational complexity of 2126.1 using bicliques. For biclique attacks on AES-192 and AES-256, the computational complexities are 2189.7 and 2254.4 respectively. Related-key attacks can break AES-192 and AES-256 with complexities 2176 and 299.5, respectively. Therefore, the security vulnerability is generally not in encryption algorithms.
The public does not have confidence in multiple-party security arrangements. While such arrangements can provide good protection against law-abiding people, it cannot prevent unlawful access for many reasons. First, the biggest problem arises from the insider jobs by those who are involved in the arrangement. Insider threats discourage the sharing of storage space. When a hacker is interested in acquiring secret information from a target user, the hacker can approach those knowing the target. Internal policy and law will not stop such contact. If secret information sought has a huge economic value, no private agreement can stop commercial espionage and conspiracy. Second, the entire infrastructure is vulnerable. For example, information transmitting on the Internet can be intercepted by middlemen, and passwords and encryption keys can be jacked in transmission; the whole database can be dumped and taken by an insider; the server software can be tampered to engage in unauthorized activities; and spy-ware and virus can be installed secretly on client computers to get confidential information, encryption keys, and passwords; and even the server itself can be tampered to capture the information in memory. Finally, all multiple-party security arrangements are vulnerable to abusive legal process. A person can file a lawsuit against another person, whether it is frivolous or for improper purpose, to gain subpoena right. By the time the case is dismissed, the person might have acquired the secrets. Those observations show that “trusted system,” trusted vendors” and “trusts components” cannot be trusted.
Transport layer security and the public key infrastructure were considered a great protection of confidential data in transmission. However, its vulnerability has long been found. See “Keyjacking: the surprising insecurity of client-side SSL, John Marchesini et al., Computers & Security (2004). This article concluded by stating “we demonstrate via a series of experiments that this assumption does not hold with standard desktop tools, even if the browser user does all the right things. A fundamental rethinking of the trust, usage, and storage model might result in more effective tools for achieving the PKI vision.”
Many file storage systems are developed on the basis of a flawed assumption that all people on the Internet play their games by rules, and thus true credentials and trust can be established. By implication, those systems can only stop law-abiding people from committing unlawful acts. The hackers do not follow any rules and they can use any unlawful means, including intercepting messages, bribing employees, soliciting secrets from third parties, and abusing the legal process. Data storage security cannot achieved by relying upon the rules and laws, corporate practices, moral standards, private contracts, criminal sanctions, trusted hardware components, trusted software components, trusted third parties, and trusted employees. The data on the public cloud must be treated as intelligence information sought by hostile entities, competitors and individual hackers. True data security in the Internet can be achieved only by two ways: messages transmission in anonymity and encrypting messages on the client computer.
Sending and storing messages in anonymity would be the most effective way of combating against targeted hacking operations, but it is inconsistent with the web protocols and the legal constraints. The internet is a high way with millions of transmitting messages in any moment. It is practically impossible for any hacker to capture all passwords, all encryption keys, and all messages. Each successful attack would require great financial resources and a long implementation time, from collecting intelligence information, exploring vulnerabilities, identifying and finding insiders, formulating a plan, to carrying out the plan. For a given hacking operation, the first thing a hacker would do is to determine a target, either based upon hacker's purpose, or the desire to seek certain type of information. For whatever objectives, sender and receiver identities and the detectable key words in transmitting messages are the first things that the hacker seeks. When a person sends a message with true identity concealed and without any red flags, no body would capture this message in a second time window. Even if a hacker has found a target person by other means, the hacker still lacks information necessary to associate the target person with a particular message in transmission. Hacking all messages is practically impossible.
Multiple-party security arrangements not only fail to prevent target attacks, but increase the vulnerability to target attacks. If a website has been identified as the attack target, little can be done to stop it. The third parties and their employees, the true identities of the target persons or entities, the published information concerning the site, and the detailed arrangements would serve as useful leads for the hacker to use in making an attack plan. In contrast, the hacker could not find any lead with respect to an anonymous message. To achieve the highest data security in transmission and at storage, one strategy is to eliminate or reduce unnecessary middlemen.
The other secure method is to encrypt the data on the client computer before the data are sent out. The security of the data depends upon if the encryption method is strong enough to be immune from cracking. Encryption of data on client computers presents an obstacle to encryption synchronization. One solution is employing a third party to manage encryption method and encryption key. The existence of the third party leaves valuable leads for hackers to seek.
Therefore, there is a need for a new online file storage system for storing files which can be easily accessed anywhere; there is a need for an online file storage system which is truly safe and secure; there is a need for an online file storage system which can provide proof as to the time of existence of the stored files and the substance of the files, when necessary; and there is a need for an online file storage system that allows other persons to access stored files for the purpose of establishing the substance of the stored files; and there is a need for an online file storage system capable of tracking the access history of the files.